HIPAA Basics

 
A white plaque on a background of vertical wood planks. The word "Private" is in black text on the plaque.

On this page, you will learn what information is legally protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and how to comply with the requirements to keep that data private.


Overview

First, check out this brief video overview of HIPAA.


What is PHI?

On a white background is a graphic of three concentric circles labeled from outer to inner "Medical/Health Information," "Individually Identifiable Health Information (IIHI)," and "Protected Health Information (PHI)." IIHI is described as medical and demographic information that identifies the individual to whom it belongs. This circle has a list of 3 characteristics of IIHI: it is “created or received by a healthcare provider, health plan, employer, or healthcare clearinghouse,” and it “relates to the past, present, or future physical or mental health/condition of a person; the provision of health care to a person; or the past, present, or future payment for the provision of health care to a person.” The inner circle defines PHI as “IIHI that is: 1. Transmitted by electronic media (e.g. sent through email), 2. Maintained in electronic media (e.g. stored on a server), or 3. Transmitted or maintained in any other form or medium (which includes paper documents stored in physical locations).”

An infographic listing the 18 identifiers that define protected health information (PHI) according to the U.S. Dept. of Health and Human Services.


Knowledge Check 1: HIPAA

What is HIPAA?

  • An abbreviation for a female hippopotamus.
  • A state law in Illinois.
  • A federal law that regulates health information.
  • A Chicago ordinance about health information.

True or False: PHI identifiers include states and partial face photos.

  • True
  • False

True or False: PHI includes health information that does not identify the individual.

  • True
  • False

How to protect PHI

Please read this article on how providers must protect PHI to avoid HIPAA violations and potential legal consequences.


Knowledge Check 2: Protecting PHI

What safeguards should you take with electronic PHI (information in/from Healthie)?

  • Turn on privacy locks (PIN or password) and have devices with access to PHI (ex. personal computer) automatically lock when the screen goes to sleep or turns on a screen saver
  • Do not share your password(s), even with other people from NW who have access to PHI (Healthie)
  • Don't share PHI on social media
  • All of the above

True or false: You can access any client's chart for any reason, even if you are simply curious.

  • True
  • False

Summary Guidelines: Protecting Client Info

To make sure you know what is expected of you, here is a list of basic guidelines to follow to avoid HIPAA violations and privacy issues involving PHI/client information. These don't cover every possible situation, but they should help you develop your sense of how to handle data. Use your best professional judgment at all times regarding client data! If you are unsure of what to do or how to handle information, play it safe and ASK about it!

  • Make sure you have a professional reason to be accessing client information; i.e. you need it to provide services to a client, notate, or to coordinate with other staff (or are otherwise instructed to access it by a supervisor for training purposes).
  • Your devices (laptop/desktop computers, smartphones, etc.) need to have a password if they are used to access PHI. They should auto-lock and have a screen shut-off or automatic log-out set up.
  • Don't leave client information where others could reasonably see it either accidentally or on purpose (this means digitally, on your screen, on external/USB drives, or physically on paper). For example, close your laptop (and/or log off or make sure it locks) if you're walking away from it.
  • If you download client information onto personal computers or devices, make sure that you fully delete it when you are done using it. This means going beyond moving it into the "trash" or "recycling" folders to permanent deletion. If you have questions about properly disposing of information, ASK!
  • Don't share Healthie passwords with anyone, even if they are also affiliated with Nourishment Works. You will be held responsible for activity on your account.